DDNS and TSIG
Kamus of Kadizhar
yan at NsOeSiPnAeMr.com
Fri Oct 22 08:34:46 UTC 2004
I know this has probably been discussed to death, so my apologies if I
missed it in the archives....
I just set up a new server. It's set up using Fedora Core 2.
I am running bind 9.2.3 (BIND 9.2.3 -u named -t /var/named/chroot) and
dhcpd V3.0.1rc14.
I've been through my entire TSIG configuration; when a client is assigned
a lease, I get:
Oct 21 10:19:51 kahn dhcpd: Unable to add forward map from tnd-253.tnd.lan
to 192.168.141.253: invalid TSIG key
I have a similar setup with an older bind/dhcpd combination that works
just fine. I set this one up identical to the old one; no joy.
I recreated the keys
dnssec-keygen -a HMAC-MD5 -b 128 -p 3 -n ZONE kahn.tnd.lan; no joy.
I've tried the default keygen command from the dhcpd.conf manpage; no joy.
I've been through a couple of FAQs on the web and I've checked my setup;
it is as similar as I can make it, no joy. The only difference is that
the old setup is not running chrooted bind; this one is. Does this make
any difference to TSIG?
named.conf:
key kahn.tnd.lan {
    algorithm hmac-md5 ;
    secret "<key>" ;
} ;
zone "tnd.lan"{
    type master;
    file "tnd.hosts";
    allow-update { key kahn.tnd.lan ; };
};
zone "141.168.192.in-addr.arpa"{
    type master;
    file "tnd.hosts.rev";
    allow-update { key kahn.tnd.lan ; };
};
dhcpd.conf:
ddns-update-style interim;
key kahn.tnd.lan {
    algorithm hmac-md5 ;
    secret "<key>" ;
}
zone tnd.lan. {
    key kahn.tnd.lan ;
}
zone 141.168.192.in-addr.arpa. {
    key kahn.tnd.lan ;
}
Can anyone give me some pointers on where to look? I can't for the life
of me figure out what I'm doing wrong....
Thanks,
--Kamus
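
An added consistency check, not part of the original post and not a diagnosis of it: it compares the TSIG key name, algorithm and secret that dhcpd.conf and named.conf each define, since both ends must agree on all three. The sample configs and secret are constructed, the 128-bit length is assumed from the post's `-b 128`, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample data: a made-up 128-bit secret replaces the post's "<key>" placeholder.
SECRET = base64.b64encode(b"constructed-key!").decode()
NAMED_CONF = '''
key kahn.tnd.lan { algorithm hmac-md5 ; secret "<key>" ; } ;
zone "tnd.lan" { type master; allow-update { key kahn.tnd.lan ; }; };
'''.replace("<key>", SECRET)
DHCPD_CONF = '''
key kahn.tnd.lan { algorithm hmac-md5 ; secret "<key>" ; }
zone tnd.lan. { key kahn.tnd.lan ; }
zone 141.168.192.in-addr.arpa. { key kahn.tnd.lan ; }
'''.replace("<key>", SECRET)
KEY_BLOCK = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}')

def norm(name):  # key names are domain names: ignore case and a trailing dot
    return name.rstrip(".").lower()

def parse_keys(conf):
    """Return {key_name: (algorithm, secret)} for every key { ... } block."""
    keys = {}
    for name, body in KEY_BLOCK.findall(conf):
        alg = re.search(r'algorithm\s+([\w-]+)\s*;', body)
        sec = re.search(r'secret\s+"?([^";\s]+)"?\s*;', body)
        keys[norm(name)] = (alg and alg.group(1).lower(), sec and sec.group(1))
    return keys

def check(named_conf, dhcpd_conf, bits=128):
    """List disagreements between the keys dhcpd signs with and the keys named knows."""
    named, dhcpd, problems = parse_keys(named_conf), parse_keys(dhcpd_conf), []
    for name, (alg, secret) in dhcpd.items():
        if name not in named:
            problems.append(f"{name}: defined in dhcpd.conf but not in named.conf")
            continue
        for label, mine, theirs in zip(("algorithm", "secret"), (alg, secret), named[name]):
            if mine != theirs:
                problems.append(f"{name}: {label} differs between dhcpd.conf and named.conf")
        try:
            found = len(base64.b64decode(secret or "", validate=True)) * 8
        except ValueError:  # bad characters or padding: not usable as a base64 secret
            found = None
        if found != bits:
            problems.append(f"{name}: secret decodes to {found} bits, expected {bits}")
    for ref in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*;', dhcpd_conf):
        if norm(ref) not in dhcpd:
            problems.append(f"zone references undefined key {ref}")
    return problems

print(check(NAMED_CONF, DHCPD_CONF) or "key definitions agree")
```
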